Net neutrality activists, not hackers, crashed the FCCs comment system

An unprecedented flood of citizens concerned about net neutrality is what took down the FCC’s comment system last May, not a coordinated attack, a report from the agency’s Office of the Inspector General concluded. The report unambiguously describes the “voluminous viral traffic” resulting from John Oliver’s Last Week Tonight segment on the topic, along with some poor site design, as the cause of the system’s collapse.

Here’s the critical part:

The May 7-8, 2016 degradation of the FCC’s ECFS was not, as reported to the public and to Congress, the result of a DDoS attack. At best, the published reports were the result of a rush to judgment and the failure to conduct analyses needed to identify the true cause of the disruption to system availability. Rather than engaging in a concerted effort to understand better the systematic reasons for the incident, certain managers and staff at the Commission mischaracterized the event to the Office of the Chairman as resulting from a criminal act, rather than apparent shortcomings in the system.

Get on top of your E-commerce game by tapping on Amazon, the website that reaches more than 300 million customers.Do it with tool Instazon. Instazon is the world's most powerful Amazon marketing powerpack solution.This comprehensive Amazon business t

Premium one of a kind wordpress themes that do all the onpage seo for you including image seo, with TigerPress themes you can also generate an unlimited amount of geo targeted landing pages in any language.

The approximately 25 pages of analysis (and 75 more of related documents, some of which are already public) relate specifically to the “Event” of May 7-8 last year and its characterization by the office of the Chief Information Officer, at the time David Bray. The investigation was started on June 21, 2017. The subsequent handling of the event under public and Congressional inquiry is not included in the scope of this investigation.

As the report notes, Bray shortly after the event issued a press release describing the system’s failure as “multiple distributed denial-of-service attacks.” A variation on this was the line going forward, even well after Bray left in October 2017.

However, internal email conversations and analysis of the traffic logs reveal that this characterization of the event was severely mistaken.

Here it ought to be said that in the chaos of the moment and with incomplete time and information, an accurate diagnosis of a major systematic failure is generally going to be an educated guess at first — so we mustn’t judge Bray and his office too harshly for its mistake, at least in the immediate aftermath.

But what becomes clear from the OIG’s investigation is that the DDoS narrative first advanced by Bray is not backed up by the evidence. Their own analysis of the logs clearly shows that the spikes in traffic correlate directly with activity from John Oliver’s Last Week Tonight, which that evening and the following morning posted tweets and videos that garnered an immense amount of traffic and directed it at the FCC’s comment system.

“These spikes in traffic are singular rather than sustained, that is, the unique IP addresses that visited the FCC domain and ECFS did not do so over a sustained period of time, at regular intervals (as would be expected during a DDoS),” the report explains in the caption for the graph above.

“The traffic observed during the incident was a combination of “flash crowd” activity and increased traffic volume resulting from [redacted] site design issues,” reads the report. I’ve asked for more detail on these design issues and how they contributed to the system’s failure.

Interestingly, it appears some at the FCC were aware that Oliver was planning a segment on net neutrality for that time period, but no one thought to brace for it. According to a colleague interviewed for the report, “Bray was furious that he had not been informed about the John Oliver episode.”

Email excerpts from the time of the event, collected by the FCC’s OIG.

World's No.1 and Most Powerful Cloud Based Email Marketing Software to make them STOP Losing their Leads, STOP Paying Heavy Monthly Fees and Generate More Leads, Gets them Better Delivery, More Opens and Clicks completely hassle free...

In fact, however, even confronted with the fact that Oliver’s segment was likely directly driving traffic, Bray suggested that “trolls” and 4chan were the more likely culprit.

We’re 99.9% confident this was external folks deliberately trying to tie-up the server to prevent others from commenting and/or create a spectacle.

Jon Oliver invited the “trolls” – to include 4Chan (which is a group affiliated with Anonymous and the hacking community).

His video triggered the trolls. Normal folks cannot manually file a comment in less than a millisecond over and over and over again, so this was definitely high traffic targeting ECFS to make it appear unresponsive to others.

All this, and the description put in the press release and some subsequent communications, is “not accurate,” as the OIG put it.

As a result, “we determined the FCC, relying on Bray’s explanation of the events, misrepresented facts and provided misleading responses to Congressional inquiries related to this incident.”

It’s worth noting that this has already been looked at by federal prosecutors:

Because of the possible criminal ramifications associated with false statements to Congress, FCC OIG formally referred this matter to the Fraud and Public Corruption Section of the United States Attorney’s Office for the District of Columbia…On June 7, 2018, after reviewing additional information and interviews, USAO-DC declined prosecution.”

In a way, as Chairman Ajit Pai wrote yesterday, this does somewhat exonerate his office for its year-long campaign of stalling, half-truths, and outright refusals to answer questions. If they took Bray’s characterization as gospel, they had to stick to that analysis. Furthermore, with an investigation ongoing, what they could and couldn’t say was likely limited at the request of the OIG.

But that’s only a partial pardon. In the year and change since the event there has been ample time for reflection and revisiting of the data. Bray left in October; why did the new CIO not use the occasion to take a fresh look at a report that was plainly doubted by many in the agency?

The CIO’s office, as the report notes, never actually issued a substantive report showing that its DDoS narrative was true. And shortly after the event, it was, as one staffer put it, “common knowledge” that the analysis was flawed. This knowledge was arrived at through “further research” after the fact — but then it turned out no “further research” was conducted.

What kind of operation is this? Why was FCC leadership not foaming at the mouth asking for better information? The Chairman was under fire from all sides — no one bought the story he was selling — why not walk over to the CIO’s office, now rid of its Obama administration–tainted head (Pai mentioned this association twice in his statement yesterday), and demand answers?

Pai denies that he or his office was aware of these shortcomings and opted not to rectify them because they were advantageous to his plan to reverse 2015’s net neutrality rules. But how could such a demonstrably shoddy and undocumented analysis persist for so long, under such close scrutiny? This wasn’t a minor technical glitch unworthy of leadership’s attention. It was national news.

The optics of a confusing and incomplete DDoS report aren’t good. But the report, if it was wrong, as everyone seemed to consider it even day-of, could always be disavowed and its author blamed on Obama.

What’s worse are the optics of a wave of public opposition to a controversial proposal, so strong that it literally took down the system created — and recently upgraded! — to handle that kind of feedback. This narrative, of a flood of pro-net-neutrality commenters so large that not only did it break the system, but many of their comments were arguably unable to be posted and (notionally) included in the FCC’s analysis — that, my friends, is a bad look.

Although this investigation has concluded, another by the Government Accountability Office is ongoing and may have a wider scope. If not, however, it seems unthinkable that the FCC and its current leadership can walk away from this unscathed. Ultimately this entire debacle took place under Ajit Pai’s watch, and his handling of it is at best dubious. Citizens and no doubt elected officials are almost certain to ask hard questions — and this time, the Chairman might actually have to answer them.

Recommended Products

Email Force is built on the same ROBUST platform as the Converzly Copy Engine. It’s super simple to use because it uses the same automation technology.
It’ll quickly and effortlessly create you profitable emails for ANY product you’re promoting, in any ni

Mobiflux Developer Edition ProGet the developer rights to WP Mobiflux and legally implement WP Mobiflux on your client’s side. Just tell them that what all they can do with WP Mobiflux and how they can get sales and leads.Then, just install it on their site and charge them a setup

Viral Reach : Credi Response ProCredi Response is a web based SAAS product that is 100% compatible with Facebook terms if service. It replies to each and every comment with a notification graphic and sound on your Facebook fan page automatically..Reach out to followers in their inbox,

VideoPal Profit CampusVideo Pal is a revolutionary new app that gets you more leads, sales and profits on autopilot!

Memester Ace MonthlyMemester Ace can support 12 Facebook Groups. Facebook Groups support is not available in the elite version.You also get the capability to work with higher caps.The Memester Ace Version can integrate with 25 Facebook Pages, 8 Facebook Profiles, 10 Twitt

Leads2List Agency 200Leads2List is a proven software, that will help you unlock fresh lead source. So, you are aware of the benefits. So, now is the time to earn recurring income by becoming a reseller for Leads2List.You can sell the software under your own name and keep 10

Leads2List AceLeads2List Ace unlocks 100% fresh leads source. With LinkedIn, you’ll be able to target on the basis of their jobs, educational profiles, income levels, professional expertise, skills, etc. Things you could not even imagine with Facebook.With this upda

CONVERSION GORILLADiscover The Easy Way To Boost Conversions, Clicks and Sales - Try it out for a full 14 Days for Just $1!

Memester - Mighty Memes ProMighty Memes pro is the only professional meme static image meme marketing software that handles everything from meme creation to meme publishing.
You get access to a library of more than 700 ready meme templates that can be customised with your own capti

TigerPress Volume 4 Theme ClubGet all Tigerpress themes added each month, including the HTML versions and white label functionality, members also receive FREE updates and support, and also receive access to SaaS bonuses added monthly for one low price.

TigerPress Previous Volumes Second Chance 3Premium one of a kind wordpress themes that do all the onpage seo for you including image seo, with TigerPress themes you can also generate an unlimited amount of geo targeted landing pages in any language.

Viper Cache Personal License10x your page load speed with viper cache engine...built from the ground up to give you total ease of use and minimum user input and maximum security unlike its competitors.

Social Interest Freak LightDesktop Software Fully Compatible for PC and Mac that uses the latest API to allow laser-targeting of Facebook/Instagram Ads at a level that's never been possible before for the Average Joe or Jane, Small Business Owner/Entrepreneur.

Viral Reach Pro MonthlyViral Reach Pro is the only Professional Content SAAS app that post and work with a variety of content. Especially content that keeps people on Facebook - Videos, Images and GIFs.
The Pro upgrade super-charges everything. It can Support up to 60 Campaign

Email Force - AgencyEmail Force is built on the same ROBUST platform as the Converzly Copy Engine. It’s super simple to use because it uses the same automation technology.
It’ll quickly and effortlessly create you profitable emails for ANY product you’re promoting, in any ni

TigerPress Volume 4 Theme ClubGet all Tigerpress themes added each month, including the HTML versions and white label functionality, members also receive FREE updates and support, and also receive access to SaaS bonuses added monthly for one low price.

Audioflow CommercialMake videos like the PROand#39;s with the most advanced audio solution for video creators.

The Stavrou MethodThe Stavrou Method is a comprehensive health/wellness package that has contributions from five experts with over 120 years experience.. It includes
? A Webinar!
? 11 eBooks on the WHYs and HOWs of Health, Wellness, and Fat Loss!
? Videos!
? Meal Plans

LeadFunnelCloud Premium-MembershipGet this Cloud Based App That Creates INSTANT Done-For-You UNLIMITED Profitable Lead Funnels To Build A HUGE List,Drive Targeted Social Traffic and Affiliate Commissions In Just 60 Seconds

Viral Reach Pro MonthlyViral Reach Pro is the only Professional Content SAAS app that post and work with a variety of content. Especially content that keeps people on Facebook - Videos, Images and GIFs.
The Pro upgrade super-charges everything. It can Support up to 60 Campaign

Viral Reach Reseller UNLIMITEDWhen you sign up as a reseller for Viral Reach we give you everything you need to sell it. You don’t have to bring anything except your marketing skills.Use our Sales Page, Sales Video, Everything is on our hosting. We also support your customers. If th

Instazon Agency PRO 200 LicensesBecome an Instazon Agency owner and you can sell Instazon accounts with Elite or Pro level access. Sell at a yearly fee or charge every month.
You make the sale yourself and get your customers to pay you direct. Create their account using our Agency admi